openldap-bugs

openldap-bugs@openldap.org

1 participants
20896 discussions

[Issue 8179] LMDB: Feature Request: mdb_env_check_mapsize(env)
by openldap-its＠openldap.org 13 Apr '21

13 Apr '21

https://bugs.openldap.org/show_bug.cgi?id=8179 --- Comment #1 from Leonardo Lopes <leonardo(a)cefetmg.br> --- Hello. I can't say if this is really a bug, but this is one of the (very) few results I could find while serching the internet for MDB_MAP_RESIZED error in OpenLDAP. I'll describe my setup and the circumstances of the error. I have OpenLDAP/LMDB installed from Debian 10 default packages in a amd64 box. The package versions are: - liblmdb: 0.9.22-1 - slapd: 2.4.47 Along with the usual settings, I chose the mdb backend with maxsize = 7516192768 (7GB). The on-disk base size (the data.mdb file) is 134MB. I also have loglevel = stats Everything seems to work flawless and fast, so all of sudden syslog prints the this message: Apr 9 15:06:09 vm-ldap-01 slapd[12826]: mdb_opinfo_get: err MDB_MAP_RESIZED: Database contents grew beyond environment mapsize(-30785) and seconds later, the slapd daemon stop to answer all requests. For the record, my workload is essentially reads with ~1000k SRCH ops, ~750k BIND ops and only ~100 ADD/DEL/MOD ops in a typical day. I tried to relate the error with anything possible, but no success. All I have is that when the error occurs, there were always an ADD operation logged right before. As I said, search the internet were of almost no help, except for this bug report and for the source code. After read the sources and the context of occurrence for the MDB_MAP_RESIZED error, I thought it may really be a bug. Thanks for your consideration. -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 9523] New: In OpenLDAP, the password length check counts accented characters (UTF-8) as two characters instead of one
by openldap-its＠openldap.org 12 Apr '21

12 Apr '21

https://bugs.openldap.org/show_bug.cgi?id=9523 Issue ID: 9523 Summary: In OpenLDAP, the password length check counts accented characters (UTF-8) as two characters instead of one Product: OpenLDAP Version: 2.4.40 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Severity: normal Priority: --- Component: slapd Assignee: bugs(a)openldap.org Reporter: anand.b.krishnamohan(a)gmail.com Target Milestone: --- In OpenLDAP, the password length check counts accented characters (eg. è which has UTF-8 Encoding of 0xC3 0xA8) as two characters instead of one. As a result, if users enter accented characters, they can create passwords that are shorter than the minimum length specified in the password policy. We tested it directly in Apache Directory Studio and the same result. Is this a bug or is there any setting in LDAP which makes sure the encoding is happening in UTF-16? Steps to reproduce 1. Access the LDAP in Apache Directory studio 2. Have the password policy to accept more than 8 characters 3. Try to update the password for a user to "àbcdefg" (7 characters) Expected result: Fails with the error password length should be greater than 8 Actual result: It accepts the password -- You are receiving this mail because: You are on the CC list for the issue.

1 4

[Issue 8586] load cert+chain from TLSCertificateFile
by openldap-its＠openldap.org 12 Apr '21

12 Apr '21

https://bugs.openldap.org/show_bug.cgi?id=8586 --- Comment #13 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • 680091b5 by Andreas Schulze at 2021-04-12T20:32:09+01:00 ITS#8586 load cert+chain from TLSCertificateFile • e16b0a73 by Howard Chu at 2021-04-12T20:32:12+01:00 ITS#8586 server cert manpage tweaks -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7786] Impossible to modify cn=config if olcDbDirectory doesn't exist
by openldap-its＠openldap.org 12 Apr '21

12 Apr '21

https://bugs.openldap.org/show_bug.cgi?id=7786 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Target Milestone|2.5.3 |2.5.4 --- Comment #8 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • c29f0315 by Ondřej Kuzník at 2021-04-12T16:28:49+00:00 ITS#7786 Allow parsing of invalid entries when schema checking off -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8586] load cert+chain from TLSCertificateFile
by openldap-its＠openldap.org 12 Apr '21

12 Apr '21

https://bugs.openldap.org/show_bug.cgi?id=8586 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |TEST Status|UNCONFIRMED |RESOLVED --- Comment #12 from Howard Chu <hyc(a)openldap.org> --- fixed in master -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8721] Quarantine in meta backend
by openldap-its＠openldap.org 12 Apr '21

12 Apr '21

https://bugs.openldap.org/show_bug.cgi?id=8721 --- Comment #4 from Shawn McKinney <smckinney(a)symas.com> --- Can reproduce proxy not lifting quarantine if the searches continue during quarantine period. Once the operations stop, the quarantine will lift after the specified elapsed time. For example: Three servers: a. huey (proxy) b. dewey (backend server) c. louie (backend server) 1. Stop louie 2. Issue search to huey, only dewey's entries in result set (as expected) 3. Start louie 4. Issue searches before louie's quarantine expires (e.g. 20 seconds) 5. Louie will remain in quarantine while the search ops continue 6. Stop search ops 7. Wait 20 seconds 8. Louie's quarantine expires 9. Start searches again, all of dewey and louie entries now in result set -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8721] Quarantine in meta backend
by openldap-its＠openldap.org 12 Apr '21

12 Apr '21

https://bugs.openldap.org/show_bug.cgi?id=8721 --- Comment #3 from Shawn McKinney <smckinney(a)symas.com> --- Cannot reproduce scenario. Details: $OpenLDAP: slapd 2.5.3 Proxy config: ``` gsfile "/var/run/openldap/slapd.args" loglevel stats sync threads 8 ### modules modulepath /opt/openldap25/lib/openldap moduleload back_meta moduleload back_ldap ### schemas include /opt/openldap25/etc/openldap/schema/core.schema include /opt/openldap25/etc/openldap/schema/cosine.schema sizelimit unlimited timelimit unlimited database meta suffix "" quarantine 20,+ rootdn "dc=example,dc=com" rootpw "F00F1ghters" uri ldap://dewey/ou=Groups,dc=example,dc=com uri "ldap://louie/ou=bar,dc=example,dc=com" access to * by * read ``` 1st search (all three servers running): ``` $ ldapsearch -H ldap://huey -D "dc=example,dc=com" -w F00F1ghters -b "dc=example,dc=com" -s sub objectclass=* # Groups, example.com dn: ou=Groups,dc=example,dc=com objectClass: organizationalUnit ou: Groups description: Group container # foo, Groups, example.com dn: cn=foo,ou=Groups,dc=example,dc=com member: cn=service-user,ou=admin,dc=example,dc=com cn: foo objectClass: groupOfNames objectClass: top # bar, example.com dn: ou=bar,dc=example,dc=com ou: bar objectClass: organizationalUnit objectClass: top # bar, bar, example.com dn: cn=bar,ou=bar,dc=example,dc=com cn: bar sn: bar objectClass: person objectClass: top # search result search: 2 result: 0 Success # numResponses: 5 # numEntries: 4 ``` 2nd search, louie not running, same search op: ``` # Groups, example.com dn: ou=Groups,dc=example,dc=com objectClass: organizationalUnit ou: Groups description: Group container # foo, Groups, example.com dn: cn=foo,ou=Groups,dc=example,dc=com member: cn=service-user,ou=admin,dc=example,dc=com cn: foo objectClass: groupOfNames objectClass: top # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2 ``` Proxy server logs shows louie has been quarantined: ``` Apr 12 16:59:41 huey slapd[110695]: conn=1004 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)" Apr 12 16:59:41 huey slapd[110695]: conn=1004 op=1 meta_back_retry[1]: retrying URI="ldap://louie" DN="". Apr 12 16:59:41 huey slapd[110695]: conn=1004 op=1 meta_back_quarantine[1]: enter. ``` 3rd search, louie restarted, after waiting 20 seconds: proxy server, louie exits quarantine: ``` Apr 12 17:02:01 huey slapd[110695]: conn=1005 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)" Apr 12 17:02:01 huey slapd[110695]: conn=1005 op=1 meta_back_init_one_conn[1]: quarantine retry block #0 try #0. Apr 12 17:02:01 huey slapd[110695]: conn=1005 op=1 SEARCH RESULT tag=101 err=0 qtime=0.000020 etime=0.004103 nentries=4 text= Apr 12 17:02:01 huey slapd[110695]: conn=1005 op=1 meta_back_quarantine[1]: exit. ``` search returns all results as expected: ``` # Groups, example.com dn: ou=Groups,dc=example,dc=com objectClass: organizationalUnit ou: Groups description: Group container # foo, Groups, example.com dn: cn=foo,ou=Groups,dc=example,dc=com member: cn=service-user,ou=admin,dc=example,dc=com cn: foo objectClass: groupOfNames objectClass: top # bar, example.com dn: ou=bar,dc=example,dc=com ou: bar objectClass: organizationalUnit objectClass: top # bar, bar, example.com dn: cn=bar,ou=bar,dc=example,dc=com cn: bar sn: bar objectClass: person objectClass: top # search result search: 2 result: 0 Success # numResponses: 5 # numEntries: 4 ``` -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 7259] slapo-policy count bytes not characters
by openldap-its＠openldap.org 12 Apr '21

12 Apr '21

https://bugs.openldap.org/show_bug.cgi?id=7259 Howard Chu <hyc(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |anand.b.krishnamohan@gmail. | |com --- Comment #4 from Howard Chu <hyc(a)openldap.org> --- *** Issue 9523 has been marked as a duplicate of this issue. *** -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8736] Add test script for cn=config replication using delta-sync
by openldap-its＠openldap.org 12 Apr '21

12 Apr '21

https://bugs.openldap.org/show_bug.cgi?id=8736 Ondřej Kuzník <ondra(a)mistotebe.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|ondra(a)mistotebe.net |quanah(a)openldap.org -- You are receiving this mail because: You are on the CC list for the issue.

1 0

[Issue 8770] dsaschema seg faults
by openldap-its＠openldap.org 09 Apr '21

09 Apr '21

https://bugs.openldap.org/show_bug.cgi?id=8770 Quanah Gibson-Mount <quanah(a)openldap.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #7 from Quanah Gibson-Mount <quanah(a)openldap.org> --- Commits: • aba73bdb by Ondřej Kuzník at 2021-04-09T21:02:08+00:00 ITS#8770 Update dsaschema for current slapd • 08861212 by Ondřej Kuzník at 2021-04-09T21:02:08+00:00 ITS#8770 Fix dsaschema memory leaks -- You are receiving this mail because: You are on the CC list for the issue.

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openldap-bugs